REPLY UNDER 37 CFR §1.116 
EXPEDITED PROCEDURE 
TECHNOLOGY CENTER 2135 

Amendment to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
application. 

Listing of Claims: 

1. (Previously presented) A method of managing authorization tokens within a computer 
system comprising: 

creating a master owner token indicating a management environment has full 
ownership of a trusted platform module within the computer system; 

creating a delegate owner token for a delegated environment; 

communicating the delegate owner token, but not the master owner token, to the 
delegated environment; and 

allowing the delegated environment access to the trusted platform module when 
the delegated environment presents the delegate owner token to the trusted platform 
module. 

2. (Original) The method of claim 1, further comprising storing the master owner token 
in a secure storage within the computer system. 

3. (Canceled) 

4. (Previously presented) The method of claim 1, wherein creating the delegate owner 
token comprises the management environment sealing the delegate owner token to the 
delegated environment. 



App. No. 10/686,343 
Docket No. 42.P15784 






Examiner: L. Ha 
Art Unit: 2135 




5. (Previously presented) The method of claim 1, further comprising the master owner 
token indicating the management environment can change at least one of the master 
owner token and the delegate owner token. 

6. (Previously presented) The method of claim 1, further comprising launching the 
management environment and then launching the delegated environment. 

7. (Previously presented) The method of claim 1, further comprising storing the delegate 
owner token in an access control list in the trusted platform module. 

8. (Previously presented) The method of claim 7, further comprising removing, by the 
management environment, the delegate owner token from the access control list and 
adding a different delegate owner token to the access control list. 

9. (Previously presented) An article comprising: 

a storage medium having a plurality of machine readable instructions, wherein 
when the instructions are executed by a processor, the instructions provide for managing 
authorization tokens within a computer system by 

creating a master owner token indicating an administrative environment has full 
ownership of a trusted platform module within the computer system; 

creating a delegate owner token for a delegated environment; 

communicating the delegate owner token, but not the master owner token, to the 
delegated environment; and 

allowing the delegated environment access to the trusted platform module when 
the delegated environment presents the delegate owner token to the trusted platform 
module. 

10. (Original) The article of claim 9, further comprising instructions for storing the 
master owner token in a secure storage within the computer system. 

11. (Canceled) 

12. (Previously presented) The article of claim 9, wherein creating the delegate owner 
token comprises the administrative environment sealing the delegate owner token to the 
delegated environment. 

13. (Previously presented) The article of claim 9, further comprising the master owner 
token indicating the administrative environment can change at least one of the master 
owner token and the delegate owner token. 

14. (Previously presented) The article of claim 9, further comprising instructions for 
launching the administrative environment and then launching the delegated environment. 

15. (Previously presented) The article of claim 9, further comprising instructions for 
storing the delegate owner token in an access control list in the trusted platform module. 

16. (Previously presented) The article of claim 15, further comprising instructions for 
removing, by the administrative environment, the delegate owner token from the access 
control list and adding a different delegate owner token to the access control list. 

17. (Previously presented) A computer system comprising: 

a plurality of delegated environments; 

a management environment to create a master owner token indicating the 
management environment has full ownership of a trusted platform module within the 
computer system, to create a plurality of delegate owner tokens indicating partial 
ownership of the trusted platform module, and to communicate a selected one of the 
plurality of delegate owner tokens, but not the master owner token, to a selected one of 
the plurality of delegated environments; 

wherein the trusted platform module stores delegate owner tokens created by the 
management environment and allows the selected one of the plurality of delegated 
environments access to the trusted platform module when the selected one of the plurality 
of delegate owner tokens is presented to the trusted platform module by the selected one 
of the plurality of delegated environments. 

18. (Original) The computer system of claim 17, further comprising a secure storage to 
store the master owner token. 

19. (Canceled) 

20. (Previously presented) The computer system of claim 17, wherein the trusted 
platform module comprises an access control list for storing delegate owner tokens 
created by the management environment. 